I wrote a new unified IP logging/retention system, and I changed the way backups are done in order to ensure limited retention on certain privacy-sensitive things. See: https://bitcointalk.org/privacy.php

Previously I said that IPs are only logged when you post and in some limited other cases, such as when you encounter certain errors. This is no longer true: you should now think about IP logging as happening constantly.

There's now an option in your account settings which will allow you to reduce retention of your logged IPs to 3 months. You should only consider enabling this if you've staked a pubkey in the thread and you're sure that your account email is correct. I'm not sure if 3 months is enough to respond adequately to all abuse; we'll see, and I might change it later or perhaps restrict it based on rank.

I considered putting a warning on trust pages for users who have enabled limited retention, since it theoretically might make legal action against them more difficult in case they scam you, but my current thinking is that this is kind of pointless because someone could just not enable the setting and use Tor for the same effect. And it'd be both privacy-invasive and futile whack-a-mole to try to indicate when people are using proxies. On the other hand, scammers are often pretty stupid, so I could be convinced to add the warning.

No. Previously IPs were logged sporadically but usually kept indefinitely; this is an overall significant reduction in retention.


Right. Though if someone really wants to know, I might consider manually giving them their logs after verifying that their account doesn't look hacked.

Logged IPs are logged forever, but IPs are only logged in certain circumstances (such as posting). Just logging in doesn't result in your IP being permanently logged.

I am willing to cooperate with police on real scams. Whenever someone asks me to release a scammer's IP, I tell them to have police email me from an official police address. I have received police requests a handful of times. Mostly the cases were real scams and I gave the police the requested info. In some cases I've rejected their requests. For example, I refused to give information to some foreign version of the SEC because securities laws are unjust. Of course, you should not trust that I will act in your best interest. If you want to be anonymous, then you must use Tor (or whatever).